DLST-MQTT: Dynamic and lightweight security over topics MQTT
De Rango, Floriano; Spina, Mattia Giovanni; Iera, Antonio
2025-01-01
Abstract
Recent advances in hardware and software technologies have led to the design of many pervasively distributed IoT devices that can generate/consume data and manage multiple sensors and actuators, paving the way for new applications and services. However, these new features can, at the same time, easily become an enticing “grab point” for attackers, unlocking a newer and larger attack space and exposing things to greater vulnerability. From this perspective, the objective of this document is the improvement of the IoT publish/subscribe architecture and the MQTT protocol with more scalable and dynamic additional security mechanisms, which can provide end-to-end security while reducing overhead and traffic load on the broker. Building upon our prior published research, the proposal further extends and advances the concept of “security layers” between which devices with priority-aware topics can easily switch to reduce protocol overhead and increase flexibility. Each topic has associated security characteristics that clients negotiate with each other, thus saving the broker from managing any security primitives. The proposed security mechanism, called Dynamic and Lightweight Security over Topics MQTT (DLST-MQTT), is compared with standard MQTT and TLS-MQTT in terms of bandwidth consumed, CPU, and RAM usage. Additionally, security levels with relevant scores are defined, and two security update procedures taking advantage of topic priorities are designed and evaluated.